Skip to content

hedgedoc: use the centralized admin db

This:

  • removes the postgresql installation instruction part
  • installs the postgresql-client package so the pg_dump part (during an upgrade) is ok
  • add missing comment

Related to T3833

Test Plan

vagrant up (dali vm mounted and up with the db, then up bardo):

...
==> admin-bardo: Notice: /Stage[main]/Profile::Hedgedoc/Package[postgresql-client-14]/ensure: created
==> admin-bardo: Notice: /Stage[main]/Profile::Hedgedoc/Exec[hedgedoc-dump-db]/returns: executed successfully
==> admin-bardo: Notice: /Stage[main]/Profile::Hedgedoc/Exec[hedgedoc-setup]/returns: executed successfully
==> admin-bardo: Notice: /Stage[main]/Profile::Hedgedoc/Exec[hedgedoc-setup]: Triggered 'refresh' from 1 event
==> admin-bardo: Notice: /Stage[main]/Profile::Hedgedoc/File[/opt/hedgedoc/current]/ensure: created
...

octo-diff ok:

$ $SWH_PUPPET_ENVIRONMENT_HOME/bin/octocatalog-diff --octocatalog-diff-args --no-truncate-details --to staging bardo
...
diff origin/production/bardo.internal.admin.swh.network current/bardo.internal.admin.swh.network
*******************************************
- Anchor[postgresql::server::service::begin]
*******************************************
- Anchor[postgresql::server::service::end]
*******************************************
- Concat::Fragment[pg_hba_rule_allow access to all users]
*******************************************
- Concat::Fragment[pg_hba_rule_allow access to ipv6 localhost]
*******************************************
- Concat::Fragment[pg_hba_rule_allow localhost TCP access to postgresql user]
*******************************************
- Concat::Fragment[pg_hba_rule_local access as postgres user]
*******************************************
- Concat::Fragment[pg_hba_rule_local access to database with same name]
*******************************************
- Concat::Fragment[pg_hba_rule_postgresql class generated rule ipv4acls 0]
*******************************************
- Concat::Fragment[pg_hba_rule_postgresql class generated rule ipv4acls 1]
*******************************************
- Concat[/etc/postgresql/12/main/pg_hba.conf]
*******************************************
- Concat[/etc/postgresql/12/main/pg_ident.conf]
*******************************************
- Concat_file[/etc/postgresql/12/main/pg_hba.conf]
*******************************************
- Concat_file[/etc/postgresql/12/main/pg_ident.conf]
*******************************************
- Concat_fragment[/etc/postgresql/12/main/pg_hba.conf_header]
*******************************************
- Concat_fragment[/etc/postgresql/12/main/pg_ident.conf_header]
*******************************************
- Concat_fragment[pg_hba_rule_allow access to all users]
*******************************************
- Concat_fragment[pg_hba_rule_allow access to ipv6 localhost]
*******************************************
- Concat_fragment[pg_hba_rule_allow localhost TCP access to postgresql user]
*******************************************
- Concat_fragment[pg_hba_rule_local access as postgres user]
*******************************************
- Concat_fragment[pg_hba_rule_local access to database with same name]
*******************************************
- Concat_fragment[pg_hba_rule_postgresql class generated rule ipv4acls 0]
*******************************************
- Concat_fragment[pg_hba_rule_postgresql class generated rule ipv4acls 1]
*******************************************
  Exec[hedgedoc-dump-db] =>
   parameters =>
     environment =>
      - ["PGHOST=localhost", "PGUSER=hedgedoc", "PGPORT=5433", "PGPASSWORD=swh-deploy-hedgedoc-db-password"]
      + ["PGHOST=db1.internal.admin.swh.network", "PGUSER=hedgedoc", "PGPORT=5432", "PGPASSWORD=swh-deploy-hedgedoc-db-password"]
*******************************************
- Exec[postgresql_initdb]
*******************************************
- Exec[postgresql_reload]
*******************************************
- Exec[postgresql_stop_data_directory]
*******************************************
- Exec[set_postgres_postgrespw]
*******************************************
- File[/etc/postgresql/12/main/postgresql.conf]
*******************************************
  File[/opt/hedgedoc/1.9.2/.sequelizerc] =>
   parameters =>
     content =>
      @@ -5,4 +5,4 @@
           'migrations-path': path.resolve('lib', 'migrations'),
           'models-path':     path.resolve('lib', 'models'),
      -    'url':             'postgres://hedgedoc:swh-deploy-hedgedoc-db-password@localhost:5433/hedgedoc'
      +    'url':             'postgres://hedgedoc:swh-deploy-hedgedoc-db-password@db1.internal.admin.swh.network:5432/hedgedoc'
       }
*******************************************
  File[/opt/hedgedoc/1.9.2/config.json] =>
   parameters =>
     content =>
      @@ -42,6 +42,6 @@
                   "password": "swh-deploy-hedgedoc-db-password",
                   "database": "hedgedoc",
      -            "host": "localhost",
      -            "port": "5433",
      +            "host": "db1.internal.admin.swh.network",
      +            "port": "5432",
                   "dialect": "postgres"
               }
*******************************************
- File[/srv/softwareheritage/postgres/12/main]
*******************************************
- File[/srv/softwareheritage/postgres/12]
*******************************************
- File[/srv/softwareheritage/postgres]
*******************************************
+ Package[postgresql-client-14] =>
   parameters =>
      "ensure": "present"
*******************************************
- Package[postgresql-server]
*******************************************
- Postgresql::Server::Config_entry[cluster_name]
*******************************************
- Postgresql::Server::Config_entry[data_directory]
*******************************************
- Postgresql::Server::Config_entry[listen_addresses]
*******************************************
- Postgresql::Server::Config_entry[max_connections]
*******************************************
- Postgresql::Server::Config_entry[port]
*******************************************
- Postgresql::Server::Config_entry[shared_buffers]
*******************************************
- Postgresql::Server::Config_entry[shared_preload_libraries]
*******************************************
- Postgresql::Server::Database[hedgedoc]
*******************************************
- Postgresql::Server::Database_grant[GRANT hedgedoc - ALL - hedgedoc]
*******************************************
- Postgresql::Server::Database_grant[hedgedoc]
*******************************************
- Postgresql::Server::Db[hedgedoc]
*******************************************
- Postgresql::Server::Grant[database:GRANT hedgedoc - ALL - hedgedoc]
*******************************************
- Postgresql::Server::Grant[database:hedgedoc]
*******************************************
- Postgresql::Server::Pg_hba_rule[allow access to all users]
*******************************************
- Postgresql::Server::Pg_hba_rule[allow access to ipv6 localhost]
*******************************************
- Postgresql::Server::Pg_hba_rule[allow localhost TCP access to postgresql user]
*******************************************
- Postgresql::Server::Pg_hba_rule[local access as postgres user]
*******************************************
- Postgresql::Server::Pg_hba_rule[local access to database with same name]
*******************************************
- Postgresql::Server::Pg_hba_rule[postgresql class generated rule ipv4acls 0]
*******************************************
- Postgresql::Server::Pg_hba_rule[postgresql class generated rule ipv4acls 1]
*******************************************
- Postgresql::Server::Role[guest]
*******************************************
- Postgresql::Server::Role[hedgedoc]
*******************************************
- Postgresql_conf[cluster_name]
*******************************************
- Postgresql_conf[data_directory]
*******************************************
- Postgresql_conf[listen_addresses]
*******************************************
- Postgresql_conf[max_connections]
*******************************************
- Postgresql_conf[port]
*******************************************
- Postgresql_conf[shared_buffers]
*******************************************
- Postgresql_conf[shared_preload_libraries]
*******************************************
- Postgresql_conn_validator[validate_service_is_running]
*******************************************
- Postgresql_psql[ALTER DATABASE "hedgedoc" OWNER TO "hedgedoc"]
*******************************************
- Postgresql_psql[ALTER ROLE "guest" CONNECTION LIMIT -1]
*******************************************
- Postgresql_psql[ALTER ROLE "guest" INHERIT]
*******************************************
- Postgresql_psql[ALTER ROLE "guest" LOGIN]
*******************************************
- Postgresql_psql[ALTER ROLE "guest" NOCREATEDB]
*******************************************
- Postgresql_psql[ALTER ROLE "guest" NOCREATEROLE]
*******************************************
- Postgresql_psql[ALTER ROLE "guest" NOREPLICATION]
*******************************************
- Postgresql_psql[ALTER ROLE "guest" NOSUPERUSER]
*******************************************
- Postgresql_psql[ALTER ROLE "hedgedoc" CONNECTION LIMIT -1]
*******************************************
- Postgresql_psql[ALTER ROLE "hedgedoc" INHERIT]
*******************************************
- Postgresql_psql[ALTER ROLE "hedgedoc" LOGIN]
*******************************************
- Postgresql_psql[ALTER ROLE "hedgedoc" NOCREATEDB]
*******************************************
- Postgresql_psql[ALTER ROLE "hedgedoc" NOCREATEROLE]
*******************************************
- Postgresql_psql[ALTER ROLE "hedgedoc" NOREPLICATION]
*******************************************
- Postgresql_psql[ALTER ROLE "hedgedoc" NOSUPERUSER]
*******************************************
- Postgresql_psql[ALTER ROLE guest ENCRYPTED PASSWORD ****]
*******************************************
- Postgresql_psql[ALTER ROLE hedgedoc ENCRYPTED PASSWORD ****]
*******************************************
- Postgresql_psql[CREATE DATABASE "hedgedoc"]
*******************************************
- Postgresql_psql[CREATE ROLE guest ENCRYPTED PASSWORD ****]
*******************************************
- Postgresql_psql[CREATE ROLE hedgedoc ENCRYPTED PASSWORD ****]
*******************************************
- Postgresql_psql[REVOKE CONNECT ON DATABASE "hedgedoc" FROM public]
*******************************************
- Postgresql_psql[UPDATE pg_database SET datistemplate = false WHERE datname = 'hedgedoc']
*******************************************
- Postgresql_psql[grant:database:GRANT hedgedoc - ALL - hedgedoc]
*******************************************
- Postgresql_psql[grant:database:hedgedoc]
*******************************************
- Service[postgresqld]
*******************************************
*** End octocatalog-diff on bardo.internal.admin.swh.network

Migrated from D6947 (view on Phabricator)

Merge request reports